The other day I added my voice to the call to end the perfidious practice of social networking sites requesting your email password.
In the discussion I made an off-hand reference to a fictitious site called iHazYrCreds. Well, it's not fictitious any longer ;-) For better or worse, you can now visit iHazYrCreds.tardate.com to find out more about the common password traps to avoid.
I'd like to see the day when asking for an email password in order to "import contacts" is deemed totally unacceptable (and negligent professional practice).
I would also welcome any moves by the big email providers (google, yahoo etc) to explicitly outlaw such use in their terms of service. I'm no lawyer, but I believe it is debatable whether it is already a violation.